| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details. |
| Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details. |
| PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90. |
| ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials. |
| OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2. |
| Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information. |
| itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. |
| A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation. |
| A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation. |
| A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation. |
| SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. |
| Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. |
| Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. |
| Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques. |
| The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts. |
